Constructors

Properties

Specifies which headers are allowed in a preflight OPTIONS request through
the Access-Control-Request-Headers header. Each header name that is specified
in Access-Control-Request-Headers must have a corresponding entry in
the rule. Only the headers that were requested are sent back.

One or more response headers that you want users to be able to access from their applications
(for example, from a JavaScript XMLHttpRequest object).

Each CORS rule must have at least one AllowedOrigin element. The string
value can include only one wildcard character (*), for example, http://*.example.com.
Additionally, you can specify only one wildcard character to allow cross-origin access
for all origins.